Okay, I created a patch that fixed the issue, you can find it attached. What is the usual procedure for reviewing the patch and merging it? I am sorry for being a newbie ;) Kind regards, Philipp Fyi, I already mentioned this problem/patch to Hans-Christoph Steiner <hans@eds.org>, who was responsible for merging the problematic OpenSSL 1.1.x patch. Am 01-Dec-17 um 12:49 schrieb Gianfranco Costamagna: > > >> Open the software, click "Save As", enter any filename, click save - >> Segmentation Fault. >> but instead to stable. > > exactly, backports isn't the place to fix bugs in stable > >> As far as I can see and tell, only Skrooge depends on libsqlcipher0 ->and it is currently broken. >> Sadly, I have no experience on how to get this stone rolling. Should I >> file a bug against Skrooge in Stable? Or would I make more sende for >> someone else to do this? > the best chance to get it working, is to isolate the fix, do a minimal > libsqlcipher upload with ABI stability, starting from the old version. > This way skrooge will start to work, and no new release will be needed > > G.
--- crypto_openssl.c 2017-12-01 13:19:04.000000000 +0100 +++ crypto_openssl.c.new 2017-12-01 13:19:24.251947325 +0100 @@ -109,6 +109,8 @@ is called by SQLCipher internally. This should prevent SQLCipher from "cleaning up" openssl when it was initialized externally by the program */ EVP_cleanup(); + } else { + openssl_external_init = 0; } #ifndef SQLCIPHER_OPENSSL_NO_MUTEX_RAND sqlite3_mutex_free(openssl_rand_mutex); @@ -145,8 +147,8 @@ static int sqlcipher_openssl_hmac(void *ctx, unsigned char *hmac_key, int key_sz, unsigned char *in, int in_sz, unsigned char *in2, int in2_sz, unsigned char *out) { unsigned int outlen; #if OPENSSL_VERSION_NUMBER >= 0x10100001L - HMAC_CTX *hctx; - hctx = HMAC_CTX_new(); + HMAC_CTX* hctx = HMAC_CTX_new(); + if(hctx == NULL) return SQLITE_ERROR; HMAC_Init_ex(hctx, hmac_key, key_sz, EVP_sha1(), NULL); HMAC_Update(hctx, in, in_sz); HMAC_Update(hctx, in2, in2_sz); @@ -173,15 +175,15 @@ int tmp_csz, csz; #if OPENSSL_VERSION_NUMBER >= 0x10100001L - EVP_CIPHER_CTX *ectx; - ectx = EVP_CIPHER_CTX_new(); - EVP_CipherInit(ectx, ((openssl_ctx *)ctx)->evp_cipher, NULL, NULL, mode); + EVP_CIPHER_CTX* ectx = EVP_CIPHER_CTX_new(); + if(ectx == NULL) return SQLITE_ERROR; + EVP_CipherInit_ex(ectx, ((openssl_ctx *)ctx)->evp_cipher, NULL, NULL, NULL, mode); EVP_CIPHER_CTX_set_padding(ectx, 0); // no padding - EVP_CipherInit(ectx, NULL, key, iv, mode); + EVP_CipherInit_ex(ectx, NULL, NULL, key, iv, mode); EVP_CipherUpdate(ectx, out, &tmp_csz, in, in_sz); csz = tmp_csz; out += tmp_csz; - EVP_CipherFinal(ectx, out, &tmp_csz); + EVP_CipherFinal_ex(ectx, out, &tmp_csz); csz += tmp_csz; EVP_CIPHER_CTX_free(ectx); @@ -204,8 +206,11 @@ static int sqlcipher_openssl_set_cipher(void *ctx, const char *cipher_name) { openssl_ctx *o_ctx = (openssl_ctx *)ctx; - o_ctx->evp_cipher = (EVP_CIPHER *) EVP_get_cipherbyname(cipher_name); - return SQLITE_OK; + EVP_CIPHER* cipher = (EVP_CIPHER *) EVP_get_cipherbyname(cipher_name); + if(cipher != NULL) { + o_ctx->evp_cipher = cipher; + } + return cipher != NULL ? SQLITE_OK : SQLITE_ERROR; } static const char* sqlcipher_openssl_get_cipher(void *ctx) {
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature